Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 690183

Summary: hotplug of usb hostdev can crash libvirt
Product: Red Hat Enterprise Linux 6 Reporter: Eric Blake <eblake>
Component: libvirtAssignee: Eric Blake <eblake>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: ajia, dallan, dyuan, eblake, llim, vbian, veillard, yoyzhang
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-0.8.7-15.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 13:29:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 642785    
Bug Blocks:    

Description Eric Blake 2011-03-23 14:25:36 UTC 
Description of problem:
bug 642785 introduced a regression in hot-plugging usb hostdev devices, which crashes libvirtd

Version-Release number of selected component (if applicable):
libvirt-0.8.7-14.el6

How reproducible:
100%

Steps to Reproduce:
# cat usb.xml 
<hostdev mode='subsystem' type='usb'>
  <source>
    <address bus='0x001' device='0x003'/>
  </source>
</hostdev>
# virsh attach-device vm1 usb.xml
error: Failed to attach device from usb.xml
error: server closed connection: 
  
Actual results:
libvirtd dies from a NULL deref

Expected results:
hotplug should work

Additional info:
Latent bug introduced in commit b4d3434f, exposed by commit
f2512684. Solved in upstream commit:
commit bcac844f4f21b7aa6501af81efcc1aaa703ba756
Author: Wen Congyang <wency.com>
Date:   Wed Mar 23 10:02:15 2011 +0800

    Initialization error of qemuCgroupData in Qemu host usb hotplug
    
    Steps to reproduce this bug:
    # cat usb.xml
    <hostdev mode='subsystem' type='usb'>
      <source>
        <address bus='0x001' device='0x003'/>
      </source>
    </hostdev>
    # virsh attach-device vm1 usb.xml
    error: Failed to attach device from usb.xml
    error: server closed connection:
    
    The reason of this bug is that we set data.cgroup to NULL, and this will cause  libvirtd crashed.
Comment 1 Eric Blake 2011-03-23 14:27:24 UTC 
In POST:
http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-March/msg00627.html
Comment 3 koka xiong 2011-03-24 06:08:11 UTC 
*** Bug 690379 has been marked as a duplicate of this bug. ***
Comment 5 Alex Jia 2011-03-30 07:21:33 UTC 
I can reproduce the bug on rhel6.1(2.6.32-120.el6.x86_64) with libvirt-0.8.7-14.el6.

And the bug has been verified on rhel6.1(2.6.32-120.el6.x86_64) with libvirt-0.8.7-15.el6.x86_64.


# virsh list 
 Id Name                 State
----------------------------------
  1 vr-rhel6-x86_64-kvm  running

# service libvirtd status
libvirtd (pid  3099) is running...

# lsusb
Bus 007 Device 003: ID 413c:2003 Dell Computer Corp. Keyboard
Bus 007 Device 002: ID 0461:4d22 Primax Electronics, Ltd 
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0ed1:6981 WinMaxGroup 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

# virsh nodedev-dumpxml usb_1_3
<device>
  <name>usb_1_3</name>
  <parent>usb_usb1</parent>
  <capability type='usb_device'>
    <bus>1</bus>
    <device>5</device>
    <product id='0x6981'>Miniking Device</product>
    <vendor id='0x0ed1'>aigo</vendor>
  </capability>
</device>

# cat usb.xml 
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='0x001' device='0x002'/>
      </source>
    </hostdev>

# virsh attach-device vr-rhel6-x86_64-kvm usb.xml
Device attached successfully

# virsh dumpxml vr-rhel6-x86_64-kvm
<domain type='kvm' id='1'>
  <name>vr-rhel6-x86_64-kvm</name>
......
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='1' device='2'/>
      </source>
      <alias name='hostdev0'/>
    </hostdev>
.....

In addition, I can find the usb device on guest by lsusb, and I can also mkdir a directory and touch a file in the usb device. 


# ps -ef | grep qemu-kvm
qemu      2802     1  2 14:01 ?        00:00:35 /usr/libexec/qemu-kvm -S -M rhel6.1.0 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -name vr-rhel6-x86_64-kvm -uuid fbe7bfbe-3e92-2e86-c678-9524e45eed8b -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/vr-rhel6-x86_64-kvm.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -boot c -drive file=/var/lib/libvirt/images/vr-rhel6-x86_64-kvm,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -netdev tap,fd=22,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=52:54:00:4f:83:c7,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -usb -vnc 127.0.0.1:0 -k en-us -vga cirrus -device AC97,id=sound0,bus=pci.0,addr=0x4 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
root      4893  2849  0 14:21 pts/2    00:00:00 grep qemu-kvm
Comment 8 errata-xmlrpc 2011-05-19 13:29:29 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0596.html